Vulnerabilities > Improper Input Validation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-03-28 | CVE-2008-1545 | Improper Input Validation vulnerability in Microsoft Internet Explorer 7.0/7.0.5730.11 The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a "Transfer-Encoding: chunked" header and a request body with an incorrect chunk size. | 4.3 |
2008-03-28 | CVE-2008-1535 | Improper Input Validation vulnerability in Matti Kiviharju Rekry Component 1.0.0 SQL injection vulnerability in the Matti Kiviharju rekry (aka com_rekry or rekry!Joom) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the op_id parameter in a view action to index.php. | 7.5 |
2008-03-28 | CVE-2008-1532 | Improper Input Validation vulnerability in Perlbal Perlbal before 1.70, when buffered upload is enabled, allows remote attackers to cause a denial of service (crash) via a zero-byte chunked upload. | 5.0 |
2008-03-25 | CVE-2008-1495 | Improper Input Validation vulnerability in Peel 1.0B/2.6/2.7 Unrestricted file upload vulnerability in administrer/produits.php in PEEL, possibly 3.x and earlier, allows remote authenticated administrators to upload and execute arbitrary PHP files via a modified content type in an ajout action, as demonstrated by (1) image/gif and (2) application/pdf. | 6.5 |
2008-03-25 | CVE-2008-1492 | Improper Input Validation vulnerability in Coronamatrix PHPaddressbook 2.11 Multiple directory traversal vulnerabilities in CoronaMatrix phpAddressBook 2.11 allow remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-03-24 | CVE-2008-1478 | Improper Input Validation vulnerability in ARI Pikivirta Home FTP Server 1.4.5.89 Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of service (crash) by opening a FTP passive mode connection, then closing the original FTP connection. | 5.0 |
2008-03-20 | CVE-2008-1412 | Improper Input Validation vulnerability in F-Secure products Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats. | 6.8 |
2008-03-20 | CVE-2008-1411 | Improper Input Validation vulnerability in Acronis Snap Deploy 2.0.0.1076 The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference. | 5.0 |
2008-03-20 | CVE-2008-1012 | Improper Input Validation vulnerability in Apple Airport Extreme Base Station Unspecified vulnerability in Apple AirPort Extreme Base Station Firmware 7.3.1 allows remote attackers to cause a denial of service (file sharing hang) via a crafted AFP request, related to "input validation." | 4.3 |
2008-03-18 | CVE-2008-0999 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference. | 7.1 |